EP4027276A1 - Anomaly detection based on an event tree - Google Patents

Info

Publication number
EP4027276A1
Authority
EP
European Patent Office
Prior art keywords
event
attribute
node
attributes
nodes
Prior art date
Legal status
Pending
Application number
EP21210451.7A
Other languages
English (en)
French (fr)
Inventor
John Raymond HERREMA III
Current Assignee
BlackBerry Ltd
Original Assignee
BlackBerry Ltd
Priority date
Filing date
Publication date
Application filed by BlackBerry Ltd
Publication of EP4027276A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N20/00 Machine learning
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/23 Updating
    • G06F16/2365 Ensuring data consistency and integrity
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N5/00 Computing arrangements using knowledge-based models
    • G06N5/01 Dynamic search techniques; Heuristics; Dynamic trees; Branch-and-bound
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Mining & Analysis (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Computing Systems (AREA)
  • Mathematical Physics (AREA)
  • Evolutionary Computation (AREA)
  • Artificial Intelligence (AREA)
  • Databases & Information Systems (AREA)
  • Computational Linguistics (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Medical Informatics (AREA)
  • Computer Hardware Design (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
EP21210451.7A 2021-01-08 2021-11-25 Anomaly detection based on an event tree Pending EP4027276A1 (de)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US17/144,829 US11893005B2 (en) 2021-01-08 2021-01-08 Anomaly detection based on an event tree

Publications (1)

Publication Number Publication Date
EP4027276A1 (de) 2022-07-13

Family

ID=78819279

Family Applications (1)

Application Number Title Priority Date Filing Date
EP21210451.7A Pending EP4027276A1 (de) 2021-01-08 2021-11-25 Anomaly detection based on an event tree

Country Status (2)

Country Link
US (1) US11893005B2 (de)
EP (1) EP4027276A1 (de)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2024068875A1 (en) * 2022-09-28 2024-04-04 Leybold Gmbh Method for a vacuum pump system

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
BR112021010468A2 (pt) * 2018-12-31 2021-08-24 Intel Corporation Security systems that employ artificial intelligence

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20200389476A1 (en) * 2019-06-04 2020-12-10 Telefonaktiebolaget Lm Ericsson (Publ) Method and arrangement for detecting anomalies in network data traffic

Family Cites Families (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8037535B2 (en) * 2004-08-13 2011-10-11 Georgetown University System and method for detecting malicious executable code
US20090323516A1 (en) * 2008-06-27 2009-12-31 Microsoft Corporation Diagnosing network problems
JP5339507B2 (ja) * 2008-10-01 2013-11-13 International Business Machines Corporation Method for searching a tree structure
US20120254333A1 (en) * 2010-01-07 2012-10-04 Rajarathnam Chandramouli Automated detection of deception in short and multilingual electronic messages
US8504876B2 (en) * 2010-04-30 2013-08-06 The Mitre Corporation Anomaly detection for database systems
EP2633445A4 (de) * 2010-10-25 2014-09-17 Intelius Inc Cost-efficient alternating decision trees for record linkage
US8682812B1 (en) * 2010-12-23 2014-03-25 Narus, Inc. Machine learning based botnet detection using real-time extracted traffic features
US10230747B2 (en) * 2014-07-15 2019-03-12 Cisco Technology, Inc. Explaining network anomalies using decision trees
US10045218B1 (en) * 2016-07-27 2018-08-07 Argyle Data, Inc. Anomaly detection in streaming telephone network data
US10902062B1 (en) * 2017-08-24 2021-01-26 Amazon Technologies, Inc. Artificial intelligence system providing dimension-level anomaly score attributions for streaming data
US11194906B2 (en) * 2018-07-31 2021-12-07 Nec Corporation Automated threat alert triage via data provenance
US11516235B2 (en) * 2018-10-04 2022-11-29 Kaalbi Technologies Private Limited System and method for detecting bots based on anomaly detection of JavaScript or mobile app profile information
US11531915B2 (en) * 2019-03-20 2022-12-20 Oracle International Corporation Method for generating rulesets using tree-based models for black-box machine learning explainability
US11294756B1 (en) * 2019-09-19 2022-04-05 Amazon Technologies, Inc. Anomaly detection in a network
US20220129791A1 (en) * 2020-10-28 2022-04-28 Oracle International Corporation Systematic approach for explaining machine learning predictions
US11574057B2 (en) * 2020-10-29 2023-02-07 Dell Products L.P. Encryption as a service with request pattern anomaly detection
US11824877B2 (en) * 2020-11-10 2023-11-21 Armis Security Ltd. System and method for anomaly detection interpretation
US11374919B2 (en) * 2020-11-18 2022-06-28 Okta, Inc. Memory-free anomaly detection for risk management systems

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20200389476A1 (en) * 2019-06-04 2020-12-10 Telefonaktiebolaget Lm Ericsson (Publ) Method and arrangement for detecting anomalies in network data traffic

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
STRIPLING EUGEN ET AL: "Isolation-based conditional anomaly detection on mixed-attribute data to uncover workers' compensation fraud", DECISION SUPPORT SYSTEMS, ELSEVIER, AMSTERDAM, NL, vol. 111, 22 April 2018 (2018-04-22), pages 13 - 26, XP085405661, ISSN: 0167-9236, DOI: 10.1016/J.DSS.2018.04.001 *

Also Published As

Publication number Publication date
US11893005B2 (en) 2024-02-06
US20220222238A1 (en) 2022-07-14

Similar Documents

Publication Publication Date Title
US11411966B2 (en) Processing anomaly data to identify threats to network security
AU2017224993B2 (en) Malicious threat detection through time series graph analysis
US10521584B1 (en) Computer threat analysis service
US10038710B2 (en) Efficient identification of log events in enterprise threat detection
US10121000B1 (en) System and method to detect premium attacks on electronic networks and electronic devices
US10706144B1 (en) Cyber defense with graph theoretical approach
CN109074454B (zh) Automatically grouping malware based on artifacts
US20200177608A1 (en) Ontology Based Persistent Attack Campaign Detection
US20200004957A1 (en) Machine learning-based security alert escalation guidance
EP4027276A1 (de) Anomaly detection based on an event tree
Kim et al. WebMon: ML-and YARA-based malicious webpage detection
US20230418938A1 (en) Attack kill chain generation and utilization for threat analysis
US20240152626A1 (en) Security Event Modeling and Threat Detection Using Behavioral, Analytical, and Threat Intelligence Attributes
Sommestad et al. Variables influencing the effectiveness of signature-based network intrusion detection systems
Yüksel et al. Towards useful anomaly detection for back office networks
US20240045957A1 (en) Utilizing machine learning to detect ransomware in code
EP4105802A1 (de) Method, computer-readable medium and system for detecting malware in hierarchically structured files
EP4283952A1 (de) Tunneling detection for domain name system
US20230056625A1 (en) Computing device and method of detecting compromised network devices
US20230156017A1 (en) Quantification of Adversary Tactics, Techniques, and Procedures Using Threat Attribute Groupings and Correlation

Legal Events

Date Code Title Description
PUAI Public reference made under Article 153(3) EPC to a published international application that has entered the European phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an EP patent application or granted EP patent

Free format text: STATUS: THE APPLICATION HAS BEEN PUBLISHED

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

STAA Information on the status of an EP patent application or granted EP patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20221215

RBV Designated contracting states (corrected)

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

REG Reference to a national code

Ref country code: HK

Ref legal event code: DE

Ref document number: 40078648

Country of ref document: HK

P01 Opt-out of the competence of the Unified Patent Court (UPC) registered

Effective date: 20230518